Commit f0ef019d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add -no_resumption_on_reneg to SSL_CONF.

(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
parent e970f63d
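--- a/<path not shown on page: file 1>
+++ b/<path not shown on page: file 1>
@@ -1058,7 +1058,6 @@ int MAIN(int argc, char *argv[])
 	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
 	int no_cache = 0, ext_cache = 0;
 	int rev = 0, naccept = -1;
-	int c_no_resumption_on_reneg = 0;
 #ifndef OPENSSL_NO_TLSEXT
 	EVP_PKEY *s_key2 = NULL;
 	X509 *s_cert2 = NULL;
@@ -1183,10 +1182,6 @@ int MAIN(int argc, char *argv[])
 			c_auth = 1;
 			}
 #endif
-		else if (strcmp(*argv, "-no_resumption_on_reneg") == 0)
-			{
-			c_no_resumption_on_reneg = 1;
-			}
 		else if	(strcmp(*argv,"-auth_require_reneg") == 0)
 			{
 			c_auth_require_reneg = 1;
@@ -1963,8 +1958,6 @@ bad:
 		}
 #endif
 
-	if (c_no_resumption_on_reneg)
-		SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 	if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
 		goto end;
 #ifndef OPENSSL_NO_TLSEXT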
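--- a/<path not shown on page: file 2>
+++ b/<path not shown on page: file 2>
@@ -133,6 +133,10 @@ Use server and not client preference order when determining which cipher suite,
 signature algorithm or elliptic curve to use for an incoming connection.
 Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
 
+=item B<-no_resumption_on_reneg>
+
+set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
+
 =item B<-legacyrenegotiation>
 
 permits the use of unsafe legacy renegotiation. Equivalent to setting
@@ -292,6 +296,9 @@ determining which cipher suite, signature algorithm or elliptic curve
 to use for an incoming connection.  Equivalent to
 B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
 
+B<NoResumptionOnRenegotiation> set
+B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
+
 B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation.
 Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
 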
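--- a/<path not shown on page: file 3>
+++ b/<path not shown on page: file 3>
@@ -212,6 +212,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
 		SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
 		SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
 		SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
+		SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
 		SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
 		SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
@@ -355,6 +356,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
 		SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
 		SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
 		SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
+		SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
 		SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
 		SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
 		SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),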
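Review bot: The new `NoResumptionOnRenegotiation` entry in the cmd_Options table sets a negatively-named flag directly, whereas the neighbouring `Compression` entry exposes the positive capability through `SSL_FLAG_TBL_INV` and lets the table supply the `SSL_OP_NO_*` bit; if the Options parser treats a leading `-` as "clear", as the `_INV` variants suggest, then `-NoResumptionOnRenegotiation` is a double negative for the user. The consistent form would be `SSL_FLAG_TBL_SRV_INV("ResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),`, though that also changes the name documented in the pod hunk, so if the `No…` spelling is kept the pod text should at least state both directions and the effect (as I understand the option, it refuses to resume the session during a renegotiation so the peer must complete a full handshake — worth confirming against the option's definition). The `no_resumption_on_reneg` entry added to ctrl_str_option matches that table's existing `no_…` naming and needs no change. Both ctrl_str_option and cmd_Options begin and end outside their hunks.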